Whereas they’re helpful, browser extensions may require a variety of entry to what you do in your browser. And in case your worst nightmare is having a third-party instrument take screenshots of your searching and ship them off to a third-party firm, I’ve unhealthy information for you.
A “Featured” Chrome Extension Is Snooping on You
Koi Security has printed a report on how the Chrome extension FreeVPN.One extension abuses Chrome’s extension permission system to take fixed screenshots of your searching. And this is not some random extension that was uploaded final week and has no customers. Its Chrome Internet Retailer web page boasts over 100,000 installs, a Featured badge, and a checkmark assuring that “The writer has an excellent file with no historical past of violations”.
As soon as put in, this extension goes to work capturing information within the background with out making you conscious that it is doing this. Each time you load a web page, it silently takes a screenshot whereas additionally capturing information concerning the web page you are on, just like the URL and any identifiers distinctive to you. It then ships this data off to a server that the extension developer controls.
Whereas it began as solely a VPN, the extension has since added “AI Menace Detection” to its providing. This supplies a web page the place you may paste any URL, and AI will (ostensibly) analyze whether or not it is protected. The privateness coverage for this web page does point out that it’ll add a screenshot, however makes no point out of the screenshots being taken consistently within the background.
The Monitoring Elevated Over Time
The Koi Safety report explains how this did not occur . The FreeVPN.One extension has been round for some time, with critiques going again to no less than 2020. Nonetheless, the monitoring habits did not begin till April 2025. That is when the extension was up to date to request entry to all URLs you go to—a far better permission than a VPN ought to want.
In June 2025, the extension obtained one other replace to incorporate the talked about “AI Menace Detection” instrument, together with one other permission to inject scripts. This scanner was doubtless added as a pretext for the screenshot seize and add. Then, on July 17, 2025, the extension obtained one other replace with full spying capabilities. On July 25, one other replace added encryption of the exported information, making it more durable to note what was happening.
The parents from Koi reached out to the developer, however his claims do not add up. He claimed that screenshots ought to solely set off on suspicious websites, however the Koi crew noticed screenshots captured on well-known domains like Google Pictures.
Koi Safety</a>
n “”>
He acknowledged that screenshots will not be saved, however there is no approach to show this. And he stopped responding after they requested for proof that any of this was tied to a legit firm. The developer’s contact e-mail on the Chrome extension web page factors to a generic Wix starter web page.
We have seen many occasions how Chrome extensions can grow to be a menace—even people who had been as soon as legit. And whereas it is ridiculous that this spy ware is at the moment “Featured” on the Chrome Internet Retailer, there are classes to remove that can make it easier to keep away from comparable conditions sooner or later.
First, be vigilant about permissions when putting in Chrome extensions. Once you click on Add to Chrome, you will see a pop-up letting you already know what permissions it requires. Take into consideration what that extension would possibly must do the job it is promising. On this case, there is no want for a VPN to handle your extensions and alter information on all web sites.
Second, it is at all times smart to do a fast scan of the fabric related to apps or extensions you take into account downloading. The Overview for this extension has quite a few bits of awkward wording and poor grammar, together with “chrome” and “ip” being lowercase.
And its assertion “Free VPN is limitless and utterly free for anybody to make use of” is a large purple flag. Whereas legit free VPNs are superb to make use of, all VPNs must make cash one way or the other. No VPN supplier can provide its providers without spending a dime, ceaselessly. Like “lifetime” VPN affords, that is both an indication that the VPN supplier is new and naïve, or that they’ve malicious intentions.
The web site for this VPN can be extremely fundamental; you’d anticipate greater than an amateurish design for one thing that is been round for years. Whereas small-time builders aren’t going to have spectacular websites that rival main firms, they will typically no less than have a GitHub web page, a contact web page, or one thing that reveals they don’t seem to be growing in full secrecy.
Vet the browser extensions you utilize fastidiously, and do not belief random free VPNs that don’t have any ties to actual firms. There are sufficient well-known VPNs accessible that it is best to by no means open your self to threat by putting in one among these.
